Forensic Toolkit® (FTK®): Recognized around the World as the Standard Digital Forensic Investigation Solution.
FTK is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can “zero-in” on the relevant evidence quickly, dramatically increasing your analysis speed. Furthermore, because of its architecture, FTK can be setup for distributed processing and incorporate web-based case management and collaborative analysis.
Visualize Big Data, Find the Relevant Evidence Faster
FTK’s database-driven, enterprise-class architecture allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. It provides built-in data visualization and explicit image detection technology to quickly discern and report the most relevant material in your investigation. FTK’s interoperability with all AccessData’s solutions, allows you to correlate massive data sets from different sources, such as, computer hard-drives, mobile devices, network data, internet storage and more. This capability makes FTK the only digital investigation solution capable to reduce case investigative times by allowing you to review data and identify relevant evidence, all in one centralized location.
Automated Malware Triage and Analysis
Available as an add-on to FTK, Cerberus allows you to determine the behavior and intent of suspect binaries, giving you actionable intelligence without having to wait for the malware team to perform deeper, more time consuming analysis. This automated malware triage and analysis allows you to:
- Gain actionable intelligence in seconds to validate threats and take decisive action.
- Achieve signature-less malware detection with proactive threat scans.
AccessData’s Decryption Solutions are the Key to Crack it!
AccessData has developed other industry-leading solutions to assist in password recovery. These solutions are used in many different environments to provide specific, password-cracking related functions. Law enforcement and corporate security professionals performing computer forensic investigations, utilize these solutions to access password-protected files. Likewise, administrators can also utilize these solutions to recover system passwords, lost personal passwords and more . AccessData’s Password Recovery Toolkit® (PRTK®) and Distributed Network Attack® (DNA®) provide access to passwords for a large number of popular software applications. PRTK runs on a single machine only. DNA uses multiple machines across the network or across the world to conduct key space and dictionary attacks.
The following add-ons are available to enhance the power and speed of password-cracking with PRTK and/or DNA.
Rainbow (Hash) Tables
Rainbow Tables are pre-computed, brute-force attacks. In cryptography, a brute-force attack is an attempt to recover a cryptographic key or password by trying every possible key combination until the correct one is found. How quickly this can be done depends on the size of the key, and the computing resources applied. A system set at 40-bit encryption has one trillion keys available. A brute-force attack of 500,000 keys per second would take approximately 25 days to exhaust the key space combinations using a single 3 GHz Pentium 4 computer. With a Rainbow Table, because all possible keys in the 40-bit keyspace are already calculated, file keys are found in a matter of seconds-to-minutes; far faster than by other means. DNA and PRTK seamlessly integrate with Rainbow Tables.
Portable Office Rainbow Tables (PORT)
AccessData Portable Office Rainbow Tables (PORT) are different from the full Hash tables set. A statistical analysis is done on the file itself to determine the available keys. This takes far less space than the Hash Tables, but also takes somewhat more time and costs a small percentage in accuracy.
Let’s Get Started
FTK leverages multi-machine processing capabilities, cutting case processing times more than 400% vs. leading competitor reducing case backlog significantly; it performs comprehensive processing upfront greatly increasing the speed with which an examiner can focus on the actual investigation.